Linux iptables firewall - UDP questions
Posted on 2006-06-12
I'm securing my Linux machine and have properly restricted TCP and ICMP. Only incoming requests from specific machines are accepted; the machine looks like it doesn't exist to everyone else. I have a question regarding UDP though. Can UDP give you away? I currently have it set up to ACCEPT all incoming and outgoing UDP packets b/c I don't understand them well enough to restrict them. I know they're used for DNS, time, etc., but if I'm not running a DNS or time server, what could a remote machine learn about me by sending me UDP packets?
From what I've read, it appears that UDP requests are just dropped unless they're sent to a running service that's set up to respond. If this is true, no services = no responses, making UDP filtering unnecessary. Is that right? Or am I missing something?
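
An added example, not part of the original post: a loopback-only check of how a Linux host reacts to a UDP datagram sent to a port where a socket is bound but never answers, compared with a port that has no listener, in which case the kernel answers with ICMP port unreachable. The names probe_udp and demo are hypothetical, and both ports are constructed on 127.0.0.1 so nothing leaves the machine.

```python
import socket


def probe_udp(host, port, timeout=1.0):
    """Send one datagram and classify the reaction:
    'reply', 'icmp-unreachable' or 'silent'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() makes the kernel report ICMP errors for this peer
        # back to the socket as ECONNREFUSED.
        s.connect((host, port))
        try:
            s.send(b"probe")
            s.recv(512)
            return "reply"
        except ConnectionRefusedError:
            return "icmp-unreachable"
        except socket.timeout:
            return "silent"


def demo():
    """Probe a bound-but-quiet port and a port with no listener (loopback only)."""
    quiet = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    quiet.bind(("127.0.0.1", 0))        # constructed service that never answers
    quiet_port = quiet.getsockname()[1]

    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()                          # nothing listens on this port any more

    try:
        return (probe_udp("127.0.0.1", quiet_port, 0.5),
                probe_udp("127.0.0.1", closed_port, 0.5))
    finally:
        quiet.close()


if __name__ == "__main__":
    print(demo())
```

An iptables rule that DROPs incoming UDP stops the datagram before it reaches the UDP stack, so the no-listener case would then also read as silent.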